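<?php
/**
 * Admin "Your Account" page: lets the logged-in admin change their password
 * and email address, then renders the form through the admin template.
 *
 * Relies on names defined outside this file: $admin, validEmail(),
 * DBTABLEPREFIX, BASE_URL and an open mysql_* connection.
 *
 * NOTE(review): no anti-CSRF token is visible on this form; confirm that the
 * surrounding admin framework protects this state-changing POST.
 */

// $output may already hold markup from the including script; only create it if absent.
if (!isset($output)) {
	$output = '';
}

// SQL-escaped copies of the POST fields. These are safe for the query below
// only; they are NOT safe to print into HTML.
foreach ($_POST as $key => $value) {
	// Array-valued fields (e.g. "email[]=x") are not valid here; treat them as empty.
	$post[$key] = is_array($value) ? '' : mysql_real_escape_string($value);
}

$newpass  = isset($post['newpass']) ? $post['newpass'] : '';
$cnewpass = isset($post['cnewpass']) ? $post['cnewpass'] : '';
$email    = isset($post['email']) ? $post['email'] : '';

// Raw email, kept separately so it can be HTML-escaped for redisplay.
$rawEmail = (isset($_POST['email']) && is_string($_POST['email'])) ? $_POST['email'] : '';

if (!empty($_POST['update'])) {
	$ok = 1;
	if ($newpass !== $cnewpass) {
		$output .= $admin->message('error', 'Oops! The passwords don\'t match.', "Try again please.");
		$ok = 0;
	}
	if (!validEmail($email)) {
		$output .= $admin->message('error', 'Oops! That email isn\'t valid!', "Try again please.");
		$ok = 0;
	}
	if ($email == "") {
		$output .= $admin->message('error', 'Oops! You didn\'t put in a email!', "Try again please.");
		$ok = 0;
	}
	if ($ok !== 0) {
		$assignments = "email = '{$email}'";
		// Leaving both password fields blank used to overwrite the stored
		// password with sha1(''), i.e. an empty password. Only touch the
		// password column when a new password was actually entered.
		if ($newpass !== '') {
			// NOTE(review): unsalted SHA-1 is not a password hash. Moving to
			// password_hash()/password_verify() needs a matching change in the
			// login code, which is not in this file, so the format is kept.
			// The hash is taken over the SQL-escaped value, as before;
			// presumably the login code does the same - verify.
			$hash = sha1($newpass);
			$assignments = "password = '{$hash}', " . $assignments;
		}
		// NOTE(review): the username comes from $admin->page_info and is
		// interpolated unescaped; confirm it is server-controlled (session)
		// or already escaped where it is set.
		$sql = "UPDATE ".DBTABLEPREFIX."users SET {$assignments} WHERE username ='{$admin->page_info['user']['value']}'";
		// NOTE(review): on failure the raw mysql_error() text is shown to the user.
		$result = mysql_query($sql) or die($output .= $admin->message('error','MySQL Error', mysql_error()));
		$output .= $admin->message('success', 'Your account was successfuly updated!', 'Don\'t forget your password!');
	}
}

// The submitted email is echoed back into a single-quoted attribute. SQL
// escaping does not stop a quote from closing the attribute, so encode for
// the HTML context (ENT_QUOTES covers both quote characters).
$emailAttr = htmlspecialchars($rawEmail, ENT_QUOTES);

$output .= "
<form action='?page=your-account' method='post'>
	<fieldset>
		<h3>Update Your Account</h3>
		<div class='form-row'>
			<label for='newpass'>New Password</label>
			<span><input type='password' name='newpass' /></span>
		</div>
		<div class='form-row'>
			<label for='cnewpass'>Confirm New Password</label>
			<span><input type='password' name='cnewpass' /></span>
		</div>
		<div class='form-row'>
			<label for='email'>Email</label>
			<span><input type='text' name='email' value='".$emailAttr."' /></span>
		</div>
		<div class='form-row form-row-last'>
			<label for='update'>&nbsp;</label>
			<span><input type='submit' name='update' value='Update' /></span>
		</div>
	</fieldset>
</form>";


$admin->page_info['content']['page_title'] = "Your Account";
$admin->page_info['content']['page_content']	= $output;
//Display page
// NOTE(review): BASE_URL is defined elsewhere; it must resolve to a local
// filesystem path, never a remote URL - confirm.
include(BASE_URL.'includes/admin/admin.php');

?>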